The world is advancing towards technological evolution day by day resulting in an exponential rise in Data. This massive volume of Data has introduced the idea of Big Data, which has captured the attention of business and IT scholars as a blessing and a source of immense opportunities for large organizations. Securing this huge amount of data has become a great concern in the field of information...
With business data breaches on the rise, NIST introduced the 2014 Cybersecurity Framework (CSF) to help companies reduce the cybersecurity risks threatening their critical infrastructures. CSF’s key elements are described, with recommendations for organizations at various levels of adoption.
Information is one of the organization's assets. It also determines the values of the company, whether the company is professional and trustworthy in keeping information, both internal corporate information as well as information from the user side. But in carrying out its functions, the company would meet a variety of information security threats. Confidentiality, integrity, authenticity, and non-repudiation...
Since the inception of cloud computing, security researchers have been active in addressing the question of cloud information security, which has seen the development of a wide range of technical solutions. The same can be said for non-cloud information security research which has been active for a far longer period of time. Yet, year on year, security breaches continue to increase, both in volume...
While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs) have been identified as some of the most common means of social engineering attacks. Due to factors that reduce users' ability to detect social engineering tricks and increase attackers' ability to launch them, SNSs seem to be perfect breeding...
Information technology risk prediction markets have potential to identify the probabilities of risk events that are relevant to information systems. Prediction markets provide a bidding mechanism that allows a large number of participants to compete for forming the most accurate predictions for future events. The accuracy of forecasts regarding the frequency, nature, and the form of cyber attacks is...
The present paper deals with the 4th wave of Information Security as a new approach to governance of information security. After introducing the four waves of information security, it focuses on the last part, which will be part of our thesis. In addition, following the PDCA approach (Plan, Do, Check, Act), we will establish an inventory of information system with the SoM (Statement of Maturity),...
There have been increasing challenges in the effective structure of crucial information for effectual information security, personal privacy and data protection. Especially in an age of e-commerce, risks and threats from e-commerce transactions have kept rising. Both new ways of cyber information security and security breach, which have affected people's lives in some particular aspects,...
We discuss the concept of information stewardship in cloud-based business ecosystems. The constituent concepts of stewardship -- which we believe will be crucial to the successful development of cloud-based business of all kinds -- extend those of security to encompass concepts of objectives, ethics/values, sustainability, and resilience: all familiar from the stewardship of natural resources. Our...
Privacy and security are relevant topics in both -- research and practice. Although they are often used together, implicitly assuming that they represent the same concept, they actually represent different concepts that are closely related. First, this paper presents a way to differentiate between these two topics from a conceptual point of view. Furthermore, it depicts some commonly accepted privacy...
Collaborative networks represent a promising paradigm for companies to counter actual challenges in a globalized world. However, such networks bring along additional risks regarding information security and privacy which may lead to compliance violations. In this paper stakeholders and respective information security management requirements regarding collaborative networks are identified and analyzed...
Despite the security policies, standards, awareness strategies and tools currently in place, employees are still involved in risky behaviors that put business at risk. The growth and proliferation of Social Networks Services (SNS), among other threats, have made possible new leakage avenues for sensitive data, and malware spread. To address these security issues, network and security managers often...
As Information Security Professionals we are often thought of as the individuals who implement the necessary technologies to protect the organization. Sometimes as InfoSec professionals we are so paranoid about security that we tend to bend over backwards to protect information at ANY cost. Cost is a delineating factor in protecting the confidentiality, integrity and availability of information...
This paper investigates the impact of the characteristics of information security policy (ISP) on an employee's security compliance in the workplace. Two factors were proposed as the antecedents of employees' security compliance: ISP Fairness and ISP Quality. ISP Quality is comprised of three quality dimensions--Clarity, Completeness, and Consistency. It is shown that ISP fairness has a strong positive...
Based on the available secured files and information in companies, they need to be secured by a very high system. Currently, most companies are accessed by normal keys in order to access the offices. But those keys might be lost or stolen. In addition, those doors can be hacked easily by thieves. This raises a need to improve security of such information by limiting access only to those who...
User passwords are the gateway to an organization's assets. When users are the agents selecting passwords, they are the key component to improving passwords. Users must be persuaded to select passwords difficult to compromise. User behavior can be influenced by information security training. This study examines the use of cognitive load theory to design the information security training on password...
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the...
This paper emerges from research by (Alter, S. et al., 2004), (Dillard, K. et al., 2004), (Landoll, D.J., 2006) and (Soliman, K., 2006), and it draws on real-world examples so as to underline some limits of quantitative risk assessment. The paper is a case study and emphasizes that theoretical formulas used in information security risk assessments do not contain the time dimension of the analysis...
This is a research study of indirect financial impact of phishing announcements on firm value. Using about 3,000 phishing announcements, we showed that phishing has significant negative influence on firms regardless of company size. With regard to attacks on holding and subsidiary companies, we also discovered that the impact on holding companies is significantly higher. We believe that our research...